
SANS ISC: Yara Sweeper - Internet Security | DShield SANS ISC InfoSec Forums

Yara Sweeper

The aim of this tool is to run YARA rules across a large environment.
Yara Sweeper is intended for live incident response: it scans processes running in memory
or files residing on disk.

It works on Linux, Windows and OSX.

Use cases
On-demand sweep. During incident response, invoke the agent to scan files, a directory, or a running process with a quickly written YARA rule that has been pushed to the git repository.

Continuous IOC monitoring. Build up a library of YARA rules from IOCs over time, and create scheduled tasks that regularly sweep the endpoint with the selected rules; the syslog events generated are sent to a SIEM.
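The two use cases above share one pipeline: load a rule library, sweep a set of targets (files on disk, or a live process), and turn each hit into a syslog event a SIEM can ingest. The following is an added example sketching that pipeline in Python; it is not Yara Sweeper's own code. To run offline it uses a deliberately small YARA-subset matcher (text and hex strings, `any of them`, `all of them`, and `and`/`or`/`not` over string identifiers) in place of libyara or yara-python, which is what a real agent would call. The rule text, the sample files, the `yara-sweeper` app name and the choice of RFC 5424 with facility local0 / severity warning are all assumptions made for the example.

```python
"""Minimal YARA-style sweep agent: rule library -> targets -> syslog events.
Added example; the matcher covers only a small YARA subset and stands in for libyara."""
import os
import re
import socket
import tempfile
from datetime import datetime, timezone

# Rule blocks must close with '}' at the start of a line, as in the sample below.
RULE_RE = re.compile(r'rule\s+(\w+)\s*\{(.*?)\n\}', re.S)
# $id = "text"   or   $id = { 4d 5a ... }
STR_RE = re.compile(r'(\$\w*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|\{([0-9a-fA-F\s]+)\})')
PRI = 16 * 8 + 4  # RFC 5424 PRI: facility local0 (16), severity warning (4) -> 132

SAMPLE_RULES = r'''
rule Suspicious_Beacon_Host
{
    strings:
        $c2 = "beacon.invalid"
        $ua = "Mozilla/4.0 (compatible; MSIE 6.0"
    condition:
        any of them
}

rule PE_With_Dropper_Marker
{
    meta:
        author = "constructed example"
    strings:
        $mz = { 4d 5a }
        $marker = "DROPPER_STAGE2"
    condition:
        $mz and $marker
}
'''  # constructed rule library; a real one would be pulled from the git repository


def parse_rules(text):
    """Return {rule_name: (strings, condition)}; strings maps $id -> bytes pattern."""
    rules = {}
    for name, body in RULE_RE.findall(text):
        strings_part, _, cond = body.partition('condition:')
        strings = {}
        for ident, txt, hexs in STR_RE.findall(strings_part):
            strings[ident] = bytes.fromhex(hexs) if hexs else txt.encode()
        rules[name] = (strings, cond.strip())
    return rules


def evaluate(cond, hits):
    """Evaluate a condition against {$id: bool}. Only whitelisted tokens reach eval."""
    if cond == 'any of them':
        return any(hits.values())
    if cond == 'all of them':
        return all(hits.values())
    expr = []
    for tok in re.findall(r'\$\w*|\w+|[()]', cond):
        if tok.startswith('$'):
            expr.append(str(hits.get(tok, False)))
        elif tok in ('and', 'or', 'not', '(', ')'):
            expr.append(tok)
        else:
            raise ValueError(f'unsupported condition token: {tok}')
    return bool(eval(' '.join(expr), {'__builtins__': {}}, {}))


def scan_bytes(rules, data):
    """Return the names of all rules whose condition holds for this buffer."""
    return [name for name, (strings, cond) in rules.items()
            if evaluate(cond, {ident: pat in data for ident, pat in strings.items()})]


def sweep_directory(root, rules, hostname, now=None, max_size=64 * 1024 * 1024):
    """Scan every regular file under root; one RFC 5424 event line per (rule, file) hit."""
    ts = (now or datetime.now(timezone.utc)).strftime('%Y-%m-%dT%H:%M:%SZ')
    events = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                if os.path.getsize(path) > max_size:
                    continue  # skip huge files rather than stall the sweep
                with open(path, 'rb') as f:
                    data = f.read()
            except OSError:
                continue  # unreadable or vanished between listing and open
            for rule in scan_bytes(rules, data):
                events.append(f'<{PRI}>1 {ts} {hostname} yara-sweeper - - - rule={rule} file={path}')
    return events


def sweep_process_linux(pid, rules):
    """Scan a live process's readable mappings (Linux only; needs ptrace rights on pid)."""
    hits = set()
    with open(f'/proc/{pid}/maps') as maps, open(f'/proc/{pid}/mem', 'rb', 0) as mem:
        for line in maps:
            addr, perms = line.split()[:2]
            if 'r' not in perms or '[vvar]' in line:
                continue
            start, end = (int(x, 16) for x in addr.split('-'))
            try:
                mem.seek(start)
                hits.update(scan_bytes(rules, mem.read(end - start)))
            except (OSError, ValueError, OverflowError):
                continue  # mapping not readable through /proc or already gone
    return sorted(hits)


def send_syslog(events, host='127.0.0.1', port=514):
    """Forward event lines to a SIEM collector over UDP syslog."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for e in events:
            s.sendto(e.encode(), (host, port))


def demo():
    """On-demand sweep over a constructed sample directory; two files should fire."""
    rules = parse_rules(SAMPLE_RULES)
    root = tempfile.mkdtemp(prefix='sweep-')
    samples = {  # constructed sample files, not real malware
        'notes.txt': b'quarterly report draft',
        'update.exe': b'MZ\x90\x00' + b'\x00' * 64 + b'DROPPER_STAGE2',
        'config.ini': b'server=beacon.invalid\n',
    }
    for fn, content in samples.items():
        with open(os.path.join(root, fn), 'wb') as f:
            f.write(content)
    fixed = datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc)
    return sweep_directory(root, rules, socket.gethostname(), now=fixed)


if __name__ == '__main__':
    for event in demo():
        print(event)
```

For the scheduled (continuous monitoring) case, the same `sweep_directory` or `sweep_process_linux` call is what the cron job or scheduled task would invoke with the current rule library, followed by `send_syslog` to push the hits to the collector. The size cap and the per-file `OSError` handling matter in a large-scale sweep: one unreadable or multi-gigabyte file should not abort the run, and a rule set that cannot be parsed should fail loudly before the sweep starts rather than silently match nothing.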
